[Mimedefang] Virus Scanner messages
Tony Nugent
tony at linuxworks.com.au
Tue Jul 23 07:16:05 EDT 2002
On Thu Jul 11 2002 at 12:48, Jason Englander wrote:
> On Wed, 10 Jul 2002, David F. Skoll wrote:
>
> > Hi,
> >
> > I really want to release 2.16 soon! So everyone who uses virus-scanners,
> > please send me regular expressions which pick out interesting lines
> > from the chatter of the scanner output.
>
> NAI uvscan (8 spaces, \s+, whatever...):
>
> /^        Found/
This bit of code very cleanly globs the actual virus name from nai's
standard three-version, two-line uvscan output...
[ ... snip ... ]
    my($VirusName) = $VirusScannerMessages;
    $VirusName =~ s/.*?(Found .*?) !!!.*$/$1/s; # remove pre/postamble
    if ($VirusName =~ /Found the .*? virus/) {
        $VirusName =~ s/Found the (.*?) virus.*/$1/; # Found NAME virus
    } elsif ($VirusName =~ /Found virus or variant/) {
        $VirusName =~ s/Found virus or variant (.*?)/$1/; # Found virus or variant NAME
    } elsif ($VirusName =~ /Found the .*? trojan/) {
        $VirusName =~ s/Found the (.*?) trojan/$1/; # Found the NAME trojan
    }
The only times that I have seen it fail is when specific things (eg,
malicious html) trip it to output messages that say things like
"this is foo or bar, please send a copy to nai". Rare. There may
be a few other examples where its output is different
(system/program errors aside), but I've not seen any... I've been
using uvscan with MD for 18 months, I've only seen this 2 or 3 times
-- each time they trapped exploit examples sent to a bugtraq mailing
list :)
I hope this is useful. Works for me, tried and proven :)
Cheers
Tony
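
An added example, not part of the original post or of MIMEDefang: the same three "Found ... !!!" forms matched line by line with captures, returning undef when the scanner output fits none of them instead of leaving the whole message in the name variable. The sub name and the sample output are constructed for illustration, following the message shapes quoted in the post; the two-line layout (file name, then indented report line) is an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return the malware name from uvscan chatter, or undef when none of the
# three "Found ... !!!" forms is present (the rare case described above).
# Hypothetical helper name; not a MIMEDefang function.
sub uvscan_virus_name {
    my ($messages) = @_;
    return unless defined $messages;

    for my $line (split /\n/, $messages) {
        # Only consider report lines: leading whitespace, "Found", then "!!!".
        next unless $line =~ /^\s+Found\s+(.+?)\s*!!!/;
        my $found = $1;

        return $1 if $found =~ /^the\s+(\S.*?)\s+virus$/;      # Found the NAME virus
        return $1 if $found =~ /^virus or variant\s+(\S.*)$/;  # Found virus or variant NAME
        return $1 if $found =~ /^the\s+(\S.*?)\s+trojan$/;     # Found the NAME trojan
    }
    return;    # unrecognised output: the caller decides what to report
}

# Constructed sample output (not captured from a real scanner run).
my %samples = (
    virus   => "/tmp/msg/part1.exe\n        Found the W32/Example.a virus !!!\n",
    variant => "/tmp/msg/part2.scr\n        Found virus or variant Example.gen !!!\n",
    trojan  => "/tmp/msg/part3.com\n        Found the ExampleDropper trojan !!!\n",
    other   => "/tmp/msg/part4.htm\n        This may be foo or bar, please send a copy\n",
);

for my $case (sort keys %samples) {
    my $name = uvscan_virus_name($samples{$case});
    printf "%-8s %s\n", $case, defined $name ? $name : '(no name recognised)';
}
```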